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Abstract. We give arithmetical proofs of the strong normalization of two sym- 
metric A-calculi corresponding to classical logic. 

The first one is the A/i/i-calculus introduced by Curien & Herbelin. It is derived 
via the Curry-Howard correspondence from Gentzen's classical sequent calculus 
LK in order to have a symmetry on one side between "program" and "context" 
and on other side between "call-by-name" and "call-by-value". 
The second one is the symmetric A/i-calculus. It is the A/i-calculus introduced 
by Parigot in which the reduction rule ji' , which is the symmetric of fi, is added. 
These results were already known but the previous proofs use candidates of re- 
ducibility where the interpretation of a type is defined as the fix point of some 
increasing operator and thus, are highly non arithmetical. 



Keywords: A-calculus, symmetric calculi, classical logic, strong normahza- 
tion. 



1. Introduction 

Since it has been understood that the Curry-Howard correspondence relating proofs 
and programs can be extended to classical logic (Felleisen |13|, Griffin [15]), various 
systems have been introduced: the Ac-calculus (Krivine ifTTl ). the Aexn-calculus (de 
Groote IH), the A^-calculus (Parigot [1231 ). the A'^^™-calculus (Barbanera & Berardi 
HI), the AA-calculus (Rehof & Sorensen |[29l ). the A/u/l-calculus (Curien & Herbelin 
lH), the dual calculus (Wadler OTl ). ... Only a few of them have computation rules 
that correspond to the symmetry of classical logic. 
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We consider here the A/i/l-calculus and the symmetric A^-calcuIus and we give 
arithmetical proofs of the strong normalization of the simply typed calculi. Though 
essentially the same proof can be done for the A'^^™-caIcuIus, we do not consider here 
this calculus since it is somehow different from the previous ones: its main connector 
is not the arrow but the connectors or and and and the symmetry of the calculus comes 
from the de Morgan laws. This proof will appear in Battyanyi's PhD thesis (2\ who 
will also consider the dual calculus. Note that Dougherty & all [12] have shown the 
strong normalization of this calculus by the reducibility method using the technique of 
the fixed point construction. 

The first proof of strong normalization for a symmetric calculus is the one by 
Barbanera & Berardi for the A'^^™-calculus. It uses candidates of reducibility but, 
unlike the usual construction (for example for Girard's system F), the definition of the 
interpretation of a type needs a rather complex fix-point operation. Yamagata [32] has 
used the same technic to prove the strong normalization of the symmetric A/u-calculus 
where the types are those of system F and Parigot, again using the same ideas, has 
extended Barbanera & Berardi's result to a logic with second order quantification. 
Polonovsky, using the same technic, has proved in [27] the strong normalization of the 
A/u/i-reduction. These proofs are highly non arithmetical. 

The two proofs that we give are essentially the same but the proof for the Xfifi- 
calculus is much simpler since some difficult problems that appear in the A/i-calculus 
do not appear in the A^/x-calculus. In the A/^i/i-calculus, a /x or a A cannot be created at 
the root of a term by a reduction but this is not the case for the symmetric A^-calculus. 
This is mainly due to the fact that, in the former, there is a right-hand side and a left- 
hand side whereas, in the latter, this distinction is impossible since a term on the right 
of an application can go on the left of an application after some reductions. 

The idea of the proofs given here comes from the one given by the first author for 
the simply typed A-calculus : assuming that a typed term has an infinite reduction, we 
can define, by looking at some particular steps of this reduction, an infinite sequence 
of strictly decreasing types. This proof can be found either in Q (where it appears 
among many other things) or as a simple unpublished note on the web page of the first 
author (www . lama . univ-savoie . f r/~david ). 

We also show the strong normalization of the /x/i-reduction (resp. the /x^u'-reduction) 
for the un-typed calculi. The first result was already known and it can be found in [27]. 
The proof is done (by using candidates of reducibility and a fix point operator) for a 
typed calculus but, in fact, since the type system is such that every term is typable, 
the result is valid for every term. It was known that, for the un-typed A/^i-calculus, the 
//-reduction is strongly normalizing (see [28]) but the strong normalization of the fi^'- 
reduction was an open problem raised long ago by Parigot. Studying this reduction by 
itself is interesting since a fi (or /i')-reduction can be seen as a way "to put the argu- 
ments of the /X where they are used" and it is useful to know that this is terminating. 

This paper is an extension of flT]. In particular, section 4 essentially appears there. 
It is organized as follows. Section 2 gives the syntax of the terms of the A/x/i-calculus 
and the symmetric A/x-calculus and their reduction rules. Section 3 is devoted to the 
proof of the normalization results for the A/x/i-calculus and section 4 for the symmetric 
A/t-calculus. We conclude in section 5 with some remarks and future work. 
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2. The calculi 

2.1. The A/i/i-calculus 
2.1.1. The un-typed calculus 

There are three kinds of terms, defined by the following grammar, and there are two 
kinds of variables. In the literature, different authors use different terminology. Here, 
we will call them either c-terms, or /-terms or r-terms. Similarly, the variables will 
be called either /-variables (and denoted as x,y,...) or r- variables (and denoted as 
a, 13, ...). 

In the rest of the paper, by term we will mean any of these three kind of terms, 
c ::= {ti,tr) 

ti ::= X I Xxti I iiac \ tr-U 

tr '■'■= OL I \OLtr I ii-XC \ ti-tr 



Remark 2.1. ti (resp. tr) stands of course for the left (resp. right) part of a c-term. 

At first look, it may be strange that, in the typing rules below, left terms appear in the 
right part of a sequent and vice-versa. This is just a matter of convention and an other 
choice could have been done. Except the change of name (done to make easier the 
analogy between the proofs for A/x/x-calculus and the symmetric A/x-calculus) we have 
respected the notations of the literature on this calculus. 



2.1.2. The typed calculus 



The logical part of this calculus is the (classical) sequent calculus which is, intrinsi- 
cally, symmetric. The types are built from atomic formulas with the connectors and 
— where the intuitive meaning of ^ — S is "A and not B". The typing system is a 
sequent calculus based on judgments of the following form: 



c : (r h A) 



r h 



ti : A 



A 



r. 



h A 



where T (resp. A) is a /-context (resp. a r-context), i.e. a set of declarations of the form 
X : A (resp. a : A) where x (resp. a) is a /-variable (resp. a r- variable) and A is a type. 



r,x:Ah x:A , A 



r, a: A h a : ^, A 



r,x:Ah 


ti ■■ B 


,A 


rh 


Xxti : 


A^B 


,A 



r h 


ti : A 


,A r, 


tj. : B 


h A 


r, 


ti.tr -.A^B 


h A 



rh 


tr.A 


,A r, 


tr '■ B 


h A 


rh 


tr.ti -.A-B 


,A 



r, 


tf '. .A 


h 


a:B,A 


r, 


Xatr ■ 


A 


-B 


h A 



T\- tr. A ,A T , tr : A \- A 



{ti,tr) : (rh A) 
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c : (r h a : A, A) 



c: (r,a; A) 



r h ixac: A , A 



r, fxxc: A h A 



2.1.3. The reduction rules 

The cut-elimination procedure (on the logical side) corresponds to the reduction rules 
(on the terms) given below. 

• {Xxti,t'i.tr)> X {t'i,nx{ti,tr)) 

• {t'^.tu\atr)>^{iia{tutr),t'^) 

• {fiac^tr) > ij,c[a := tr] 

• {ti,nxc) c[x := ti] 

• jia {ti, a) >siti if a ^ Fv{ti) 

• fix {x,tr) > sr tr if X ^ Fv{tr) 

Remark 2.2. It is easy to show that the ///i-reduction is not confluent. For example 
(/xa {x,(3), jiy (x, a)) reduces both to (x, (3) and to (x, a). 

Definition 2.1. • We denote by > ; the reduction by one of the logical rules i.e. 

• We denote by > ^ the reduction by one of the simpUfication rules i.e. > or > sr 

2.2. The symmetric A//-calculus 
2.2.1. The un-typed calculus 

The set (denoted as T) of A/x-terms or simply terms is defined by the following gram- 
mar where x, y, ... are A- variables and a, /3, ... are /x- variables: 



Note that we adopt here a more liberal syntax (also called de Groote's calculus) 
than in the original calculus since we do not ask that a jia is immediately followed by 
a {13 M) (denoted [/3]M in Parigot's notation). 

2.2.2. The typed calculus 

The logical part of this calculus is natural deduction. The types are those of the simply 
typed A^-calculus i.e. are built from atomic formulas and the constant symbol ± with 
the connector — >. As usual -^A is an abbreviation for A ^_L. 

The typing rules are given below where F is a context, i.e. a set of declarations 
of the form x : A and a : -^A where x is a A (or intuitionistic) variable, a is a /x (or 
classical) variable and A is a formula. 



r ::= X I AxT | (T T) | fxaT \ {a T) 
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r-. r ax 

T,x : A\- X : A 

T,x:AhM:B T h M : A ^ B T h N : A 



r h XxM :A^B ' T\- {M N) -.B 

r,a:^AhM:± T,a:^AhM:A 
r h /iaM : A T ,a : ^A^ (a M) : 1. 

Note that, here, we also have changed Parigot's notation but these typing rules are 
those of his classical natural deduction. Instead of writing 

M:{Al\...,Al-hB,C'^\...,C^-) 

we have written 

xi : Ai, ...,Xn ■■ An, ai : ^Ci, am : ^Cm \- M : B 



2.2.3. The reduction rules 

The cut-elimination procedure (on the logical side) corresponds to the reduction rules 
(on the terms) given below. Natural deduction is not, intrinsically, symmetric but 
Parigot has introduced the so called Free deduction ||22]| which is completely sym- 
metric. The A/i-calculus comes from there. To get a confluent calculus he had, in 
his terminology, to fix the inputs on the left. To keep the symmetry, it is enough to 
add a new reduction rule (called the /x'-reduction) which is the symmetric rule of the 
/i-reduction and also corresponds to the elimination of a cut. 

• {XxM N) >p M[x := N] 

• {naM N) naM[a =,. N] 

• {N fiaM) o^/ fiaM[a =i N] 

• (a fi(3M) >p M[[3 := a] 

• fLa{a M) >g M if a is not free in M. 

where M[a =r N] (resp. M[a =i N]) is obtained by replacing each sub-term of M 
of the form (a U) by (a {U N)) (resp. (a {N U))). This substitution is called a 
/x-substitution (resp. a /x'-substitution). 

Remark 2.3. 1. It is shown in |[23l that the -reduction is confluent but neither 
/i/i' nor /3fi' is. For example {ftax fij3y) reduces both to ftax and to iij3y. Simi- 
larly {Xzx fL[3y) reduces both to x and to /i/3?/. 

2. Unlike for a /^-substitution where, in M[x := N], the variable x has disappeared 
it is important to note that, in a /x or //'-substitution, the variable a has not 
disappeared. Moreover its type has changed. If the type of is ^ and, in M, 
the type of a is — > B) it becomes ^B in M[a =r N]. If the type of N is 
A ^ B and, in M, the type of a is -^A it becomes ^B in M[a =i N]. 
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3. In section 4, we will not consider the rules 9 and p. The rule 9 causes no prob- 
lem since it is strongly normalizing and it is easy to see that this rule can be 
postponed. However, unlike for the A^/i-calculus where all the simpUfication 
rules can be postponed, this is not true for the rule p and, actually, Battyanyi has 
shown in 121 that pp'p is not strongly normalizing. However he has shown that 
pp'p (in the untyped case) and fSpp'p (in the typed case) are weakly normaliz- 
ing. 

2.3. Some notations 

The following notations will be used for both calculi. It will also be important to note 
that, in section 3 and 4, we will use the same notations (for example S;, S^) for objects 
concerning respectively the A/i/i-calculus and the symmetric A^-calculus. This is done 
intentionally to show the analogy between the proofs. 

Definition 2.2. Let u, v be terms. 

1. cxty{u) is the number of symbols occurring in u. 

2. We denote by u < v (resp. u < v) the fact that n is a sub-term (resp. a strict 
sub-term) of v. 

3. A proper term is a term that is not a variable. 

4. If (J is a substitution and u is a term, we denote by 

• a + [x := u\ the substitution a' such that for y / x, cr'(y) = a{y) and 
(t'{x) = u 

• a[x := u] the substitution a' such that (j'{y) = <T{y)[x := u]. 
Definition 2.3. Let A be a type. We denote by lg{A) the number of symbols in A. 

In the next sections we will study various reductions. The following notions will 
correspond to these reductions. 

Definition 2.4. Let > be a notion of reduction. 

1. The transitive (resp. reflexive and transitive) closure of > is denoted by (resp. 
>*). The length (i.e. the number of steps) of the reduction t >* t' is denoted by 
lg{t>* t'). 

2. If t is in SN i.e. t has no infinite reduction, r/(t) will denote the length of the 
longest reduction starting from t and r]c{t) will denote {ri{t), cxty{t)). 

3. We denote hy u ^ v the fact that u <w ior some w such that vt>* w and either 
vt>^ w or u < w. We denote by < the reflexive closure of -<. 

Remark 2.4. - It is easy to check that the relation < is transitive, that u <vifiu <w 
for some w such that v w. We can also prove (but we will not use it) that the relation 
< is an order on the set SN. 

- If f G SN and u ~< v, then u € SN and r]c{u) < r]c{v). 

- In the proofs done by induction on some /c-uplet of integers, the order we consider 
is the lexicographic order. 
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3. Normalization for the A/i/i-calculus 

The following lemma will be useful. 

Lemma 3.1. Let t be a /-term (resp. a r-term). If t S SN, then (t, a) G SN (resp. 

{x,t) G SN). 

Proof By induction on rj{t). Since {t,a) SN, {t,a) > u for some u such that 
u SN. If u = {t', a) where t >t' we conclude by the induction hypothesis since 
r/(f ) < r]{t). lit = jjpc and u = c[/3 := a] SN, then c ^ SN and t ^ SN. 
Contradiction. □ 

3.1. > s can be postponed 

Definition 3.1. 1. Let > ^g,t> /ig be defined as follows: 

• {fiac,tr) > c[a := tr] if a occurs at most once in c 

• {ti, jjx c) > fig c[x := ti] if X occurs at most once in c 

2. Leto/f, = Uo^Q. 

Lemma 3.2. If u> s v > i w, then there is t such that u > 1 1 w or u > ii-^ t > i w. 
Proof By induction on u. □ 

Lemma 3.3. If u > s v > w, then either u > w or, for some t, u > t > g w or 

Proof By induction on u. □ 

Lemma 3.4. If u>*g v > w then, for some t, u [>"J"^ t \>*g w and lg{u >*g v > w) < 
lg{u >\t>\w). 

Proof By induction on lg{u t>*g vt' w). Use lemma 1331 □ 
Lemma 3.5. \fut>*gV>iw then, for some t,ut>^^ t c>*g w . 

Proof By induction on lg{u t>*gV'> i w). Use lemmas [33] and □ 
Corollary 3.1. > g can be postponed. 

Proof By lemma |33] □ 
Lemma 3.6. The s-reduction is strongly normalizing. 

Proof \fut>sV, then cxty{u) > cxty{v). □ 

Theorem 3.1. 1. If t is strongly normalizing for the /-reduction, then it is also 
strongly normalizing for the /s-reduction . 

2. If t is strongly normalizing for the /x/i-reduction, then it is also strongly normal- 
izing for the ^/is-reduction. 

Proof Use lemmas 1331 and |3?T] It is easy to check that the lemma [3?T] remains true 
if we consider only the reduction rules ^ and jl. □ 
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3.2. The yu/i-reduction is strongly normalizing 

In this section we consider only the /u/i-reduction and we restrict the set of terms to the 
following grammar. 

c ::= {ti,tr) 

ti ::= X I fiac 

tr '■'■= a I fiXC 

It is easy to check that, to prove the strong normalization of the full calculus with 
the /i/i-reduction, it is enough to prove the strong normalization of this restricted cal- 
culus. 

Remember that we are, here, in the un-typed caculus and thus our proof does not 
use types but the strong normalization of this calculus actually follows from the result 
of the next section: it is easy to check that, in this restricted calculus, every term is 
typable by any type, in the context where the free variables are given this type. We 
have kept this section since the main ideas of the proof of the general case already 
appear here and this is done in a simpler situation. 

The main point of the proof is the following. It is easy to show that if t G SN 
but t[x := ti] SN, there is some {x,tr) ~< t such that tr[x := t/] G SN and 
{ti,tr[x := ti]) ^ SN. But this is not enough and we need a stronger (and more 
difficult) version of this: lemma [3J] ensures that, if t[a] G SN but t[a] [x := U] SN 
then the real cause of non SN is, in some sense, [x := i/]. 

Having this result, we show, essentially by induction on r/c(t;) + rjc{tr), that if 
ti,t.r G SN then {ti,tr) G SN. The point is that there is, in fact, no deep interactions 
between ti and U i.e. in a reduct of {ti,tr) we always know what is coming from t; 
and what is coming from tr. The final result comes then from a trivial induction on the 
terms. 

Definition 3.2. • We denote by (resp. S^) the set of simultaneous substitutions 
of the form [xi := ti,...,Xn := tn] (resp. [ai := ti,...,an '■= tj) where 
ti, t„ are proper /-terms (r-terms). 

• For s G {I, r}, if cr = [^i := ti, ^„ := t„] G Ss, we denote by dom{a) (resp. 
Im{a)) the set {^i, (resp. {ti, t„,}). 

Lemma 3.7. Assume ti,tr G SN and {ti,tr) SN. Then either ti = //ac and 
c[a := tr] ^ SN or tr = fJ.xc and c[x := ti] SN. 

Proof By induction on r/(i;) +r]{tr). Since {ti,tr) ^ SN, {ti,tr)>t for some t such 
that t SN. If t = {t'i,tr) where ti^t'i, we conclude by the induction hypothesis 
since r]{t'i) + ri{tr) < r]{ti) + ri{tr). lit = {ti,t'^) where tr > t'r, the proof is similar. If 
ti = fia c and t = c[a := tr] SN or tr = ^xc and t = c[x := ti] ^ SN, the result 
is trivial. □ 
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Lemma 3.8. 1. Let t be a term, ti a /-term and r £ S;. Assume ti € SN, x is 
free in t but not free in Imir). If t[r] e S'TV but t[r][x := t;] SN, there is 
(x, tr) -< i and r' G S/ such that UIt'] G S'iV and (t/, tr M) ^ 5'iV- 

2. Let i be a term, tj. a r-term and o" G S^. Assume £ SN, a is free in t but not 
free in Im{a). If t[cr] G 5'iV but t[a][a := U] SN, there is -< t and 

cr' G such that ti[a'] G 5iV and {ti[a'],tr) 5iV. 

Proof We prove the case (1) (the case (2) is similar). Note that ti is proper since 
t[r] G S'iV, t[r][x := ti] S'A^ and x is not free in Im{T). Let /m(T) = {ti, 
Let W = {u / u is proper and u <t} and V = {f / f; is proper and v <ti for some i}. 
Define inductively the sets and of substitutions by the following rules: 

p G iff p = or p = p' + [y := ^[5]] for some /-term G V, 5 G and p' G 
(5 G S; iff (5 = or 5 = (5' + [/? := ^[p]] for some r-term ueU,peT.[ and 5' G S; 

Denote by C the conclusion of the lemma, i.e. there is {x, tr) -< t and t' G such 
that tr[T'] G SN and (t;, [r']) S'A^. We prove something more general. 

(1) If u G Z^, p G S;, u[p\ G SN and n[p][x := t,] SiV, then C holds. 

(2) If G V, 5 G E;, G SN and [x := t;] ^ SN, then C holds. 

The term t is proper since t[T][x := t/] SiV. Then conclusion C follows from 
(1) with t and r. 

The properties (1) and (2) are proved by a simultaneous induction on ric{u[p\) (for 
the first case) and ric{v[S\) (for the second case). We only consider (1), the case (2) is 
proved in a similar way. 

• If n begins with a ^. The result follows from the induction hypothesis. 

• If n = {ui,Ur). 

- If Ur[p][x := ti] SN: then is proper and the result follows from the 
induction hypothesis. 

- If ui [p] [x :=ti] SN and ui is proper: the result follows from the induc- 
tion hypothesis. 

- If ti/[p][x := ti] SN and ui = y e dom{p). Let p{y) = p(5d[5\, then 
pl3d[S\[x := ti] SA^ and the result follows from the induction hypothesis 
with p/3d and 5 (case (2)) since ric{pl3d[5\) < ric{u[p]). 

- Otherwise, by lemma [3^ there are two cases to consider. Note that Ur can- 
not be a variable because, otherwise, ti[p][x := ti] = {ui[p][x := ti],Ur) 
and thus, by lemma l3?n n[p][3; := ti] would be in SN. 

(1) tti[p][x := ti] = pac and c[a := nr[p][x := ti]] SN. 

- If = pad, then d[a := «,.][p][x := ti] SN and the 
result follows from the induction hypothesis with d[a := Ur] and p since 
ri{d[a := Ur][p]) < r/(n[p]). 

- If = y G dom{p), let p{y) = p[3 d[S\, then := ti] ^ 
SN where 5' = 5 + [(5 := Ur[p\] and the result follows from the induction 
hypothesis with d and 5' (case(2)). 
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-If ui = X, then (x, Ur) and r' = p[x := ti] satisfy the desired 
conclusion. 

(2) nr[/j][x := ti] = fiyc and c[a := ti;[/o][x := ti]] SN. Then 
Ur = fiyd and d[y := ni][p][a; := ti] SN. The result follows from 
the induction hypothesis with d[y := ui] and p since ?7((i[y := iiz][/3]) < 
ri{u[p]). □ 



Theorem 3.2. The /^/i-reduction is strongly normalizing. 

Proof By induction on the term. It is enough to show that, if ti,tr G SN, then 
{ti,tr) G SN. We prove something more general: let a (resp. r) be in S,. (resp. 
S/) and assume t;[(T],tr[r] G 5A^. Then (t^ [cr] , t,. [r] ) G SN. Assume it is not the 
case and choose some elements such that i/[o"],trM G SN, (t; [cr] , M ) •S'iV and 
{ri{ti) + r]{tr),cxty{ti) + cxty{tr))i?>mmimdl. By lemma l3.7[ either ti[a] = pac&nd 
c[a := tr[T]] ^ SN or t,.[r] = pxc and c[x := tz[cr]] ^ 5A^. Look at the second case 
(the first one is similar). We have tr = pxd and d[T] = c, then d[r] [x := ti [a]] ^ SN. 
By lemma [181 let Ur ~< d and r' G be such that ^^.[r'] G SN, {ti[a],Ur[T'] ^ SN. 
This contradicts the minimality of the chosen elements since ric{ur) < r]c{tr). □ 

3.3. The typed A/z/i-calculus is strongly normalizing 

In this section, we consider the typed calculus with the /-reduction. By theorem [TTl 
this is enough to prove the strong normalization of the full calculus. To simplify nota- 
tions, we do not write explicitly the type information but, when needed, we denote by 
type{t) the type of the term t. 

The proof is essentially the same as the one of theorem [l!2l It relies on lemma [3?T0l 
for which type considerations are needed: in its proof, some cases cannot be proved 
"by themselves" and we need an argument using the types. For this reason, its proof 
is done using the additional fact that we already know that, if ti,tr G SN and the type 
of tr is small, then t[x := tr] also is in SN. Since the proof of lemma [3TTT] is done by 
induction on the type, when we will use lemma [3?T0l the additional hypothesis will be 
available. 

Lemma 3.9. Assume ti,tr G SN and {ti,tr) ^ SN. Then either (ti = pac and 

c[a := tr] SN) or (tr = pxc and c[x := ti] ^ SN) or (ti = Xxui, tr = u[.Ur and 
{u'l, px{ui,Ur)) SN) or (tr = Xaur, ti = u'r-Ui and {pa{ur,ui),u'r) SN). 
Proof By induction on "qiti) + ry(tr-)- D 

Definition 3.3. Let yl be a type. We denote '£a,i (resp. T^A.r) the set of substitutions 
of the form [xi := ^i, ...,Xn := tn] (resp. [ai := ti, a„ := t„]) where ti, ...,tn are 
proper /-terms (resp. r-terms) and the type of the Xi (resp. Oj) is A. 

Lemma 3.10. Let n be an integer and ^ be a type such that lg{A) = n. Assume H 
holds where H is: for every -u, f G SN such that lg{type{v)) < n, u[x := v] G SN. 

1. Let t be a term, ti a Z-term and r G Syij. Assume ti G SN and has type A, x 
is free in t but not free in Im{T). If t[r] G SN but t[T] [x := ti] SN, there is 
{x, tr) < t and r' G S^j such that tr[T'] G SN and {ti,tr[T']) SN. 
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2. Let t be a term, tj. a r-term and a G S^/r- Assume tj- £ SN and has type A, a 
is free in t but not free in Im{a). If t[a] £ SN but t[a] [a := tr] ^ SN, there is 
{ti,a) -< t and a' G i;^,^ such that ti[a'] G S'iV and t,.) 5iV. 

Proof We only prove the case (1), the other one is similar. Note that ti is proper 
since t[r] G S N and t[T][x := ti] ^ SN. Let /m(r) = {ti,...,tk}. LetU = {u/u is 
proper and u ^ t} and V = {v / vis proper and v <ti for some i}. Define inductively 
the sets S'^ ^ and ^ of substitutions by the following rules: 

p G iff p = or p = p' + [y := v[S\] for some /-term u G V, 5 G S'^ p' G S^^^ 
and y has type A. 

6 G S'^ iff J = or 5 = 5' + [/3 := u[p]] for some r-term u£U,p£ 5' G 
and /3 has type A. 

Denote by C the conclusion of the lemma, i.e. there is (x, tj.) -< t and r' G such 
that ty.[T'] G SN and (t^, t^[r']) ^ SN. We prove something more general. 

(1) If u G Z^, p G S'^ tt[p] G SN and ii[p] [x := t/] S'iV, then C holds. 

(2) If u G V, 5 G t;[(5] G SN and ^[5] [x := t;] SiV, then C holds. 

Note that, since t[T][x := ti] ^ 5A^, t is proper and thus, C follows from (1) with 
t and r. The properties (1) and (2) are proved by a simultaneous induction on ric{u[p\) 
(for the first case) and rjc{v[S\) (for the second case). We only consider (1) since (2) is 
similar. 

The proof is as in lemma |3^ We only consider the additional cases: u = {ui,Ur), 
ui[p][x := ti] G SN, Ur[p][x := ti] G SN, Uj. is proper and one of the two following 
cases occurs. 

• ni[p][x := ti] = Xxvi, Ur[p\[x := ti] = v[.Vr and {v[, px{vi,Vr)) SN. Then, 
Ur = w[.Wr, v'l = w[[p\[x != ti] and Vr = Wr[p\[x != t/]. There are three cases 
to consider. 

- ui = Xxwi and wilp] [x := t;] = vi, then the result follows from the induc- 
tion hypothesis with {w'l, px{wi,Wr)) and p since ri{{w[, px{wi,Wr))[p]) < 
Viu[p])- 

- ui = y € dom{p). Let p(y) = \zwi[5\,thena = {w[[p\, px{wi[5\,Wr[p\)) 
[x := ti] ^ SN. But, 

- b = wl[p][x := ti],c = wi[5][x := ti],d = Wr[p][x := U] G SN, 

- lg{type{b)) < n, lg{type{c)) < n, 

- a = (x2,px(xi,d))[xi := c][x2 := b] 
and this contradicts the hypothesis (H). 

- ui = x, then (x, Ur) and r' = r[x := ti] satisfy the desired conclusion. 



• ni[p][x := ti] = Vj..vi, Ur[p][x := ti] = XaVj- and {pa{vi,Vr),Vj.) ^ SN. The 
proof is similar. □ 
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Lemma 3.11. lit,ti,tr G SN, thent[x := ti],t[a := U] G SN. 

Proof We prove something a bit more general: let ^ be a type and t a term. 

(1) Let ti, tfe be /-terms and ri, be substitutions in ^- If> for each i, t-i has 
type A and tiln] G SN, then t[xi := ti[ri], Xk := tfc['^fc]] £ -^iV- 

(2) Let ti, tfc be r-terms and ri, be substitutions in /. If, for each i, tj has 
type A and ti[ri] G SN, then t[ai := ti[ri], := tfc[rfc]] G SN. 

We only consider (1) since (2) is similar. This is proved by induction on {lg{A), 
r]{t),cxty{t), S r]{ti), S cxty{ti)) where, in S il{ti) and S cxty{ti), we count each 
occurrence of the substituted variable. For example if = 1 and xi has n occurrences, 
S r]{ti) = n.r]{ti). 

The only no trivial case is t = {ui,Ur). Let a = [xi := ti[ri], Xk ■= tk[Tk]]- 
By the induction hypothesis, ui[a], Ur[a] G SN. By lemma |3^ there are four cases 
to consider. 

• ui[a] = fiac and c[a := Ur[a]] SN. 

- If = fiad and d[a] = c. Then d[a := Ur][a] ^ SN and, since r]{d[a := 
Ur]) < i]{t), this contradicts the induction hypothesis. 

- If = Xi, ti = fiad and d[Ti][a := Ur[a]] SN. By lemma [3TT0l there 
isvi ^ d and r- G T.A,r such that ?;z[t/] G S'iV and (u; [r^'] , H ) ^ SN. 
Let t' = {y,Ur) where y is a fresh variable and a' = a+[y = vi[tI]]. Then 
{vi[Tl],Ur[(7]) = t'[(T'] and, since {r]{vi),cxty{vi)) < {r]{ti),cxty{ti)) we 
get a contradiction from the induction hypothesis. 

• Ur[(T] = fixc and c[x := ui[a]] ^ SN, then Ur = fixd, d[a\ = c and 
d[x := ui\[(t] SN. Since r/(d[x := ui\) < r]{t), this contradicts the induction 
hypothesis. 

• ui[a] = Xxvi, Ur\(T\ = W;.-;;,. and {v[, ^x{vi,Vr)) ^ S'iV, then Ur = w[.Wr, 
w[[a] = v'l and Wrlcr] = Vr. 

- If ui = Xxwi and wi[a] = vi. Then {w'l, iix{wi,Wr))[u\ S'A^ and this 
contradicts the induction hypothesis, since r]{{w'i, jj,x{wi,Wr))) < i]{t). 

- If ui = Xi, ti = Xxwi and {w[[a], fj,x{wi[Ti], Wr[(7])) SN. Then, 
{wi[Ti],Wr[cr]) = {y,Ur[a])[y := w/[Tj]] where y is a fresh variable and 
thus {wi[Ti],Wr[a]) G SN, since lg{type{wi[Ti])) < lg{A). 

Since {w'i[a], fj,x{wi[Ti],Wr[a])) = {z, fix{wi[Ti],Wr[cr]))[z := it;|[fT]] where 
2 is a fresh variable and lg{type{w'i[a])) < IgiA), this contradicts the in- 
duction hypothesis. 

• Ur[(7] = Xavr, ui[(t] = v'^.vi and {fia{vi,Vr),v'j.) ^ SN. This is proved in the 
same way. □ 



Theorem 3.3. Every typed term is in SN. 

Proof By induction on the term. It is enough to show that if ti , tr G SN, then 

{ti,tr) G SN. Since {ti,tr) = {x, a)[x := ti][a := tr] where x, a are fresh variables, 
the result follows from lemma [BTTT] □ 
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4. Normalization for the symmetric A/i-calcuIus 
4.1. The /i/i'-reduction is strongly normalizing 

In this section we consider the /i^u'-reduction, i.e. M > M' means M' is obtained 
from M by one step of the /i/z'-reduction. The proof of theorem 14.11 is essentially 
the same as the one of theorem 13.21 We first show (cf. lemma 14.21 ) that a /i or 
substitution cannot create a fi and then we show (cf. lemma l44l) that, if M[a] G SN 
but A/[cr][a P] ^ SN, then the real cause of non SN is, in some sense, [a =r P]. 
The main point is again that, in a reduction of (M A^) € SN, there is, in fact, no deep 
interactions between M and N i.e. in a reduct of (M A^) we always know what is 
coming from M and what is coming from A^. 

Definition 4.1. • The set of simultaneous substitutions of the form [ai Pi 
ctn =s„ Pn] where Sj G {/, r} will be denoted by S. 

• For s G {I, r}, the set of simultaneous substitutions of the form [ai =s Pi 
...an =s Pn\ will be denoted by S^j. 

• If o" = \a\ P\ On =s„ Pn], wc denote by dom{a) (resp. Im{a)) the 
set{ai, a„}(resp. {Pi, P„} ). 

• Let cr G S. We say that a ^ SN iff for every N G Im{a), N G SN. 

• If P is a sequence Pi, P„ of terms, (M P) will denote {M Pi ... P„). 

Lemma 4.1. If (M N) >* ^laP, then either M >* ftaMi and Mi[a N] \>* P or 
N 0* naNi and iVi [a =i M] o* P. 

Proof By induction on the length of the reduction (M A^) i>* fiaP. □ 

Lemma 4.2. Let M be a term and cr G S. If M[a] >* fiaP, then M >* fiaQ for some 
Q such that (5[(t] >* P. 

Proof By induction on M. M cannot be of the form (/? M') or Ax M'. If Af begins 
with a yU, the result is trivial. Otherwise M = (Mi M2) and, by lemma RTT] either 
Ml [a] >* /xaP and R[a =r M2M] P or M2H >* /iaP and R[a =1 Mi[a]] >* P. 
Look at the first case (the other one is similar). By the induction hypothesis Mi\>* ftaQ 
for some Q such that Q[a] >* R and thus M >* p,aQ[a =r M2]. Since Q[a =r 
M2] [a] = Q[a] [a =r M2 [a]] >* R[a M2 [a]] >* P we are done. □ 

Lemma 4.3. Assume M,N € SN and (M AT) ^ SA^. Then either M >* /xaMi and 
Ml [q =r N] ^ SN or N >* ^ij3Ni and A^i [(3 =1 M] ^ SN. 

Proof By induction on r/(M) + ri{N). Since (M A^) ^ S'A^, (M A^) > P for some 
P such that P S'Af. If P = (M' A^) where M i> M' we conclude by the induction 
hypothesis since rj{M') + rj{N) < ??(M) + rj{N). If P = (M A^') where A^ > A^' 
the proof is similar. If M = ftaMi and P = /xaMi [a =r A^] or A^ = fijSNi and 
P = /i/3A^i [13 =1 M] the result is trivial. □ 
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Lemma 4.4. Let M be a term and a G S^. Assume S is free in M but not free in 
Im{a). If M[a] G SN but M[a][6 =s P] SN, there is M' ^ M and a' such that 
M'[o-'] G SN and, if s = r, (M'fa'] P) 5iV and, if s = /, (P M'[a']) SiV. 

Proof Assume s = r (the other case is similar). Let Im{a) = {Ni, Nj^}. As- 
sume M, S, a, P satisfy the hypothesis. Let = {[/ / C/ ^ M} and V = {F / ^ ^ 
Ni for some i}. Define inductively the sets and of substitutions by the follow- 
ing rules: 

p G iff p = or /) = p' + [/3 =r V[t]] for some F G V, r G Il„ and p' G Sm 
T G E„ iff r = or T = r' + [a =i U[p]] for some U gU, p eT.m and r' G Il„ 

Denote by C the conclusion of the lemma, i.e. there is M' -< M and a' such that 

M'[a'] G SN, and {M'[a'] P) ^ SN. 

We prove something more general. 

(1) Let f/ G and p G S^. Assume U[p\ G 5Ar and U[p][5 =r P] ^ SN. Then, C 
holds. 

(2) Let y G V and r G S„. Assume V[t] G 57V and y[r][(^ =r P] ^ SN. Then, C 
holds. 

The conclusion C follows from (1) with M and a. The properties (1) and (2) are 
proved by a simultaneous induction on r]c{U[p]) (for the first case) and 770(1/ [r]) (for 
the second case). 

Look first at (1) 

- if [/ = XxU' or U = pall': the result follows from the induction hypothesis with U' 
and p. 

- if [/ = {Ui U2): if Ui[p][5 =r P] ^ SN iov i = I ov i = 2, the result follows 
from the induction hypothesis with Ui and p. Otherwise, by lemma 14.21 and 14.31 say 
Ui i>* paU[ and, letting U' = U[[a =r U2], U'[p][5 =r P] SN and the resuh 
follows from the induction hypothesis with U' and p. 

-ifU = {5 Ui): if Ui[p][6 =r P] G SN, then M' = Ui and a' = p[6 =r P] satisfy 
the desired conclusion. Otherwise, the result follows from the induction hypothesis 
with Ui and p. 

- if U = {a Ui): if a dom{p) or =r P] SN, the result follows from 
the induction hypothesis with Ui and p. Otherwise, let p{a) = V[t]. If y[T][5 

P\ SN, the result follows from the induction hypothesis with V and r (with (2)). 
Otherwise, by lemmas W2\ and 1431 there are two cases to consider. 

-Ui>* paiU2anAU2[p'][S =r P] ^ SN where p' = p+[ai =r V[r]]. The result 
follows from the induction hypothesis with U2 and p'. 

- V >* p^Vi and Vi[t']\5 =r P] SN where t' = T+[fi=i Ui[p\]. The result 
follows from the induction hypothesis with Vi and r' (with (2)). 

The case (2) is proved in the same way. Note that, since 5 is not free in the Ni, the 
case b = {5 Vi) does not appear. □ 

Theorem 4.1. Every term is in SN. 

Proof By induction on the term. It is enough to show that, if M, N G SN, then 
(M A^) G SN. We prove something more general: let a (resp. r) be in (resp. 
E/) and assume M[a], iV[r] G SN. Then {M[a] N[t]) G SN. Assume it is not the 
case and choose some elements such that M[a],N[T] G SN, {M[a] N[t]) ^ SN and 
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(7?(M) +ri{N),cxty{M) + cxty{N)) is minimal. By lemmagJl either M[a] >* fiSMi 
and Mi[6 N[t]] ^ SN or N[t] >* iifiNi and iVi[/3 =i M[a]] SN. Look at 
the first case (the other one is similar). By lemma 1421 M o* ii5M2 for some M2 such 
that M2[a] 0* Mi. Thus, M2[(t][(5 N[t]] 5iV. By lemma 113] with M2,a and 
iV[r], let M' ^ M2 and cj' be such that M'[a'] G SN, {M'[a'] N[t]) S'iV. This 
contradicts the minimality of the chosen elements since r]c{M') < r]c{M). □ 



4.2. The simply typed symmetric A/x-calculus is strongly normalizing 

In this section, we consider the simply typed calculus with the /3/i^'-reduction i.e. 
M > M' means M' is obtained from M by one step of the /3/i/i'-reduction. The strong 
normalization of the /3/X;u'-reduction is proved essentially as in theorem [331 

There is, however, a new difficulty : a /5-substitution may create a ft, i.e. the fact 
that M[x := A^] t>* fiaP does not imply that M >* ^aQ. Moreover the fi may come 
from a complicated interaction between M and N and, in particular, the alternation 
between M and N can be lost. Let e.g. M = (Mi {x {XyiXy2fJ.aM4) M2 M3)) 
and N = Xz{z Ni). Then M[x := N] 0* (Mi {fiaM^ M3)) 0* /iaM^[a =r 
Ms\[a =1 Ml]. To deal with this situation, we need to consider some new kind of 
/x;u'-substitutions (see definition 14.21) . Lemma |4. 1 01 gives the different ways in which 
a ft may appear. The difficult case in the proof (when a /x is created and the control 
between M and N is lost) will be solved by using a typing argument. 

To simplify the notations, we do not write explicitly the type information but, when 
needed, we denote by type{M) the type of the term M. 

Lemma 4.5. 1. If (M N) 0* XxP, then M 0* Ay Mi and Mi [y := N] 0* XxP. 

2. If (M N) >* fiaP, then either (M ;>* AyMi and Mi[y := N] t>* fiaP) or 
(M 0* fxaMi and Mi [a N] 0* P) or {N >* ftaNi and Ni[a =1 M] >* P). 

Proof (1) is trivial. (2) is as in lemma 1411 □ 

Lemma 4.6. Let M G SN and a = [xi := Ni,...,Xk := Nk]. Assume M[a] >* XyP. 
Then, either M 0* XyPi and Pi [a] >* P or M 0* {xi Q) and {Ni Q\a\) t>* XyP. 

Proof By induction on r]c{M). The only non immediate case is M = {R S). By 
lemma |431 there is a term Ri such that R[a] >* XzRi and Ri[z := S[a]] t>* XyP. By 
the induction hypothesis (since r]c{R) < rjc{M)), we have two cases to consider. 

(1) 0* XzR2 and R2[(t\ >* Ri, then R2[z := S][a] >* XyP. By the induction 
hypothesis (since 7]{R2[z := S]) < r]{M)), 

- either R2[z := S] >* XyPi and Pi [a] >* P ; but then M ;>* AyPi and we are done. 

- or R2[z := S] >* (xj Q) and {Ni Q[a])\>* XyP, then M t>* {xi Q) and again we 
are done. 

(2) R >* {xi Q) and {Ni Qjoj) >* XzRi. Then M 0* {xi Q S) and the result is 
trivial. □ 
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Definition 4.2. • An address is a finite list of symbols in {/, r}. The empty list 
is denoted by [] and, if a is an address and s G {l,r}, [s :: a] denotes the list 
obtained by putting s at the beginning of a. 

• Let a be an address and M be a term. The sub-term of M at the address a 
(denoted as Ma) is defined recursively as follows : if M = {P Q) and a = [r :: 
h] (resp. a = [l \:h]) then Ma = Qb (resp. P^) and undefined otherwise. 

• Let M be a term and a be an address such that Ma is defined. Then M{a = N) 
is the term M where the sub-term Ma has been replaced by N. 

• Let M, N be some terms and a be an address such that Ma is defined. Then 
N[a =a M] is the term N in which each sub-term of the form (a U) is replaced 

by (a M{a = U)). 

Remark 4.1. - Let = \x{a \y{x nf3{a y))), M = (Mi (M2 M3)) and a = [r :: 
I]. Then N[a =„ M] = Xx{a (Mi (Xyix /i/3(a (Mi (y M3)))) M3))). 

- Let M = {P {{R {x T)) Q)) and a = [r I r ■.: I]. Then N[a =« M] = 
N[a =r T][a =1 R][a =r Q][a =r P]. 

- Note that the sub-terms of a term having an address in the sense given above are 
those for which the path to the root consists only on applications (taking either the left 
or right son). 

- Note that [a =[;] M] is not the same as [a =1 M] but [a =1 M] is the same as 
[a =[,,] (M A^)] where N does not matter. More generally, the term N[a =a M] does 
not depend of M^. 

- Note that M(a = N) can be written as M'[xa := N] where M' is the term M 
in which Ma has been replaced by the fresh variable Xa and thus (this will be used 
in the proof of lemma l4~T2l) if Ma is a variable x, {a U)[a =a M] = {a Mi[y := 
U[a =a M]]) where Mi is the term M in which the particular occurrence of x at the 
address a has been replaced by the fresh name y and the other occurrences of x remain 
unchanged. 

Lemma 4.7. Let M be a term and a = [ai =a^ Ni, ...,an =a„ Nn]. 

1. If M[a] >* XxP, then M >* XxQ and Q[a] >* P. 

2. If M[a] >* naP, then M t>* /xaQ and Q[a] 0* P. 

Proof By induction on M. Use lemma 1431 □ 



Lemma 4.8. Assume M, N e SN and (M N) ^ SN. Then, either (M ;>* XyP 

and P[y ■= N] ^ SN) or (M t>* //aP and P[a =^ iV] ^ S'A^) or (iV >* i^aP and 
P[a =i M] ^ 5Af). 

Proof By induction on ri{M) + r/(A^). □ 



Lemma 4.9. If T h M : A and M 0* N then T K : ^. 
Proof Straightforward. 



□ 
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Lemma 4.10. Let n be an integer, M G SN, a = [xi := Ni,...,Xk := N^] where 
lg{type{Ni)) = n for each i. Assume M[cj] >* fiaP. Then, 

L either M >* ftaPi and Pi [a] >* P 

2. or M >* Q and, for some i, Ni >* ftaN'- and N[[a =a Q[o']] >* P for some 
address a in Q such that Qa = Xi. 

3. or M >* Q, Qa[(T] >* ftaN' and N'[a =a Q[cr]] >* P for some address a in Q 
such that lg{type{Qa)) < n . 

Proof By induction on ryc(M). The only non immediate case is M = {R S). Since 
M[a] >* fiaP, the application {R[a] S[a]) must be reduced. Thus there are three cases 
to consider. 

• It is reduced by a /i' -reduction, i.e. there is a term such that S[a] >* fiaSi 
and Si[a =i i?[o"]] i>* P. By the induction hypothesis: 

- either S>* fiaQ and Q[a]>*Si, then M>* ^aQ[a =i R] and Q[a =i R][a]t>*P. 

- or S >* Q and, for some i, Ni >* naN^, Qa = xi for some address a in Q and 
N[[a =a Q[cf]] 0* ^i. Then M >* {R Q) = Q' and letting b = [r :: a] we have 
Nl[a =b Q'[a]] >* P. 

-or 5 >* Q, (5aHi>*/uaA^' for some address a in Q such that /(/(type((5a)) < n 
and N'[a =« Q[cr]] >* Si. Then M >* {R Q) = Q' and letting 6 = [r :: a] we 
have N'[a =b Q'[a]] t>* P and lg{type{Q'^)) < n. 

• It is reduced by a /x-reduction. This case is similar to the previous one. 

• It is reduced by a /3-reduction, i.e. there is a term U such that R[a] >* XyU and 
U[y := S[a]] >* fiaP. By lemma 1431 there are two cases to consider. 

- either flo* XyRi and Ri[a][y := S[a]] = Ri[y := S][a] >* fiaP. The result 
follows from the induction hypothesis since ri{Ri[y := S]) < 7]{M). 

- or R>* {xi Ri). Then Q = {xi Ri S) and a = [] satisfy the desired conclusion 
since then lg{type{M)) < n. □ 



Definition 4.3. Let ^ be a type. We denote by the set of substitutions of the form 
[ai Ml,..., On =a„ whcrc the type of the is ^A. 

Remark 4.2. Remember that the type of a is not the same in N and in N[a =a M]. 
The previous definition may thus be considered as ambiguous. When we consider the 
term N[a] where a € S^, we assume that N (and not A^[o-]) is typed in the context 
where the Oi have type A. Also note that considering N[a =a M] implies that the 
type of Ma is A. 

Lemma 4.11. Let n be an integer and ^ be a type such that lg{A) = n. Let A^, P be 

terms and r G S^. Assume that, 

• for every M, N € SN such that lg{type{N)) < n, M[x := N] G SN. 

• N[T]e SN but N[t][6 =a P] ^ SN. 
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• S is free and has type -lA in N but 6 is not free in Im{T). 

Then, there is A^' ^ iV and r' G Sa such that N'[t'] £ SN and P{a = N'[t']) ^ SN. 

Proof The proof looks like the one of lemma l4!4l Denote by (H) the first assumption 
i.e. for every M,N e SN such that lg{type{N)) < n, M[x := N] G SN. 

Let T = [ai =a. Ml, an =«„ U = {U / U ^ N} and V = {V / V ^ 
Mi for some i}. Define inductively the sets S,„ and S„ of substitutions by the follow- 
ing rules: 

/9 G Il„ iff /> = or /9 = + [q =a V[a]] for some 1/ G V, o" G T,m, p' G 5]„ and 
a has type ^A. 

a G Tim iff cr = or (7 = fj' + [x := f7[/o]] for some U £ U, p £ T,n, a' G Sm 
and X has type A. 

Denote by C the conclusion of the lemma. We prove something more general. 

(1) Let [/ G and p G S„. Assume U[p] G SN and U[p][5 =a P] ^ SN. Then, C 
holds. 

(2) Let F G V and a G S^. Assume V[(t] G SN and V[(7][5 =„ P] SiV. Then, C 
holds. 

Note that the definitions of the sets S„ and S^, are not the same as the ones of 
lemma l44l We gather here in S„ all the ^/x'-substitutions getting thus the new substi- 
tutions of definition 14. 2 1 and we put in only the A-substitutions. 

The conclusion C follows from (1) with N and r. The properties (1) and (2) are 
proved by a simultaneous induction on r]c{U[p\) (for the first case) and ric{V[T]) (for 
the second case). 

The proof is by case analysis as in lemma l4!4l We only consider the new case for 
V[a\, i.e. when V = (Vi V2) and Vi[a][6 P] G SN. The other ones are done 
essentially in the same way as in lemma 1441 

- Assume first the interaction between Vi and V2 is a /3-reduction. If Vi >* XxVl, 
the result follows from the induction hypothesis with V{[x := 1^2] [o"]. Otherwise, 
by lemma SH Vi >* (x W). Let a{x) = U[p\. Then {U[p\ W[a]) XyQ and 
Q[y := V2 [cr]] [6 =a P] SN. But, since the type of x is A, the type of y is less than 
A and since Q[6 =a P] and V2[a] [5 =a P] are in SN this contradicts (H). 

- Assume next the interaction between Vi and V2 is a /i or ^'-reduction. We consider 
only the case p (the other one is similar). If Vi >* paV(, the result follows from the 
induction hypothesis with V([a =r V2][(t]. Otherwise, by lemma l4~T0l there are two 
cases to consider. 

- Vi >* Q, Qc = X for some address c in Q and x G dom{a), (7{x) = U[p], 
U[p] >* paUi and Ui[a =c QW]][a =r V2[a]][6 =a P] SN. By lemma |4Jl we 
have C7t>* paU2 and >* Ui, then U2[p][a =c Q[(T]][a V2{oW =a P] ^ SN. 
Let V = {Q V2) and b = I :: c. The result follows then from the induction hypothesis 
with U2[p ] where p' = p + [a =b V'[a]]. 

-Vi >*Q, Qc[cr][6 =a P]i>*pai? for some address cin Q such that Z(7(type(Qc)) < 
n, R[a =c Q[(y][6 =a P]][a V2[a][5 =a P]] SN. Let V = {Q' V2) where 
Q' is the same as Q but Qc has been replaced by a fresh variable y and b = I :: 
c. Then R[a =b V'[a][6 =a P]] SN. Let R' be such that R' -< R, R'[a =b 
V'[a][6 =a P]] SN and r]c{R') is minimal. It is easy to check that R' = {a R"), 
R"[a =b V'[a][6 =a P]] G SN and V'[a'][6 =a P] ^ SN where a' = a + 
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[y := R"[a =b V'[a]]]. If V'[a][5 =a P\ ^ SN, we get the result by the induction 
hypothesis since r/c(y[cr]) < r/c(y[(T]). Otherwise this contradicts the assumption 
(H) since V'[a][5 =a P],R"[a =b V'[a][6 P]] G SN, V'[a][5 =a P][y := 
R"[a =h V'[a] [5 =a P]]] i SN and the type of y is less than n. □ 

Lemma 4.12. If M, N € SN, then M[x := N] G SN. 

Proof We prove something a bit more general: let ^ be a type, M, Ni, Nk be 
terms and ri, ...,Tk be substitutions in T^a- Assume that, for each i, Ni has type A 
and Ni[Ti] G SN. Then M[xi := A^i[ri], Xk := Nk[Tk]] G SN. This is proved 
by induction on {lg{A),r]{M),cxty{M), S r]{Ni),T. cxty{Ni)) where, in S r]{Ni) 
and S cxty{Ni), we count each occurrence of the substituted variable. For example if 
k = \ and xi has n occurrences, S 'r]{Ni) = n.r]{Ni). 

If M is Ay Ml or (a Mi) or /xaMi or a variable, the result is trivial. Assume then 
that M = (Ml M2). Let a = [xi := iVi[ri], Xk := Nk[Tk]]. By the induction 
hypothesis. Mi [cr] , M2 [a] G SN. By lemma |48] there are 3 cases to consider. 

• Ml [a] >* XyP and P[y := M2[cr]] SN. By lemma l46l there are two cases to 
consider. 

- Ml t>* XyQ and Q[a] >* P. Then Q[y := MaJH = Q[a][y := AfsH] >* 
P[y := Af2[o']] and, since ri{Q[y := M2]) < f/(M), this contradicts the 
induction hypothesis. 

- Ml 0* {xi Q) and {Ni Q\(j]) t>* XyP. Then, since the type of Ni is A, 
lg{type{y)) < lg{A). But P,M2[a] G SN and P[y := MaH] SN. 
This contradicts the induction hypothesis. 

• Ml [a] 0* fxaP and P[a =r M2[(t]] SN. By lemma l4?T0l there are three cases 
to consider. 

- Mi>*fLaQ and Q[cr]>* P. Then, Q[a =r MaJH = Q[a][a =r M2[a]]>* 
P[a =r M2[(j]] and, since r]{Q[a =r M2]) < r]{M), this contradicts the 
induction hypothesis. 

- Ml >* Q, Ni[Ti] >* liaL' and Qa = Xi for some address a in Q such that 
L'[a =a Q[a]] 0* P and thus L'[a =b M'[a]] SN where b = {I :: a) 
and M' = (Q M2). 

By lemmaim Ni >* ftaL and L[ri] 0* L'. Thus, L[Ti][a =b M'[a]] ^ 
SN. By lemma 14. Ill, there is Li L and r' such that Li[t'] G SN and 
M'[cj](^ = ^ -SiV. Let M" be M' where the variable at the 

address b has been replaced by the fresh variable y and let o"i = o" + [y := 
Li[t']]. Then M"[cji] = M'[a]{b = Li[r']) 5A^. 
If Ml o"*" (5 we get a contradiction from the induction hypothesis since 
r]{M") < r]{M). Otherwise, M" is the same as M up to the change 
of name of a variable and ai differs from a only at the address b. At this 
address, Xi was substituted in a by Ni [ri] and in cji by Li [r'] but ric{Li) < 
r]c{Ni) and thus we get a contradiction from the induction hypothesis. 
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- M>* Q, QaW] >* fJ-aL for some address a in Q such that lg{type{Qa)) < 
lg{A) and L[a =a Q[(t]] t>* P. Then, L[a =b M'[(j]] SN where 
h = [l:: a] and M' = {Q M2). 

By lemma |4Tm there is an L' and r' such that L'[t'] G SN and M'[a] {b = 
L'[t']) ^ SN. Let M" be M' where the variable Xi at the address b 
has been replaced by the fresh variable y. Then M"[(T][y := -^^'[t']] = 
M'[a]{b = L'[t']) ^SN. 

But ri{M") < rj{M) and cxty{M") < cxty{M) since, because of its type, 
Qa cannot be a variable and thus, by the induction hypothesis, M"[(j] € 
SN. Since M"[a][y := L'[t']] SN and lg{type{L')) < lg{A), this 
contradicts the induction hypothesis. 

• M2[cr] 0* ^aP and P[a =1 Mi[a]] SN. This case is similar to the previous 
one. □ 

Theorem 4.2. Every typed term is in SN. 

Proof By induction on the term. It is enough to show that if M, N € SN, then 
(M N) G SN. Since (M N) = {x y)[x := M][y := N] where x,y are fresh vari- 
ables, the result follows by applying theorem [4. 12l twice and the induction hypothesis. 

□ 

5. Remarks and future work 

5.1. Why the usual candidates do not work ? 

In ll26l . the proof of the strong normalization of the A^-calculus is done by using 
the usual (i.e. defined without a fix-point operation) candidates of reducibility. This 
proof could be easily extended to the symmetric A/x-calculus if we knew the following 
properties for the un- typed calculus: 

1. If N and {M[x := N] P) are in SN, then so is {\xM N P). 

2. If and {M[a =r N] P) are in SN, then so is (/ioM N P). 

3. If P are in SN, then so is (x P). 

These properties are easy to show for the /3/i-reduction but they were not known 
for the /3/i/i'-reduction. 

The third property is true but the properties (1) and (2) are false. The proof of (3) 
and the counter-examples for (1) and (2) can be found in ifTOl . 

5.2. Future work 

We believe that our technique, will allow to give explicit bounds for the length of the 
reductions of a typed term. This is a goal we will try to manage. 
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